-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Paul White edited this page Feb 7, 2026
·
2 revisions
Mobile Security Penetration Testing Platform
Mobilicustos is an enterprise-grade mobile application security analysis platform that performs comprehensive static and dynamic analysis of Android (APK) and iOS (IPA) applications. It combines 28+ security analyzers, dynamic instrumentation via Frida, and integration with industry tools like Burp Suite, Drozer, and Semgrep to deliver actionable security findings mapped to OWASP MASVS/MASTG standards.
- Getting Started — Installation, prerequisites, and first scan
- Configuration Reference — All environment variables and settings
- Architecture Overview — System design, data flow, and component diagram
- Database Schema — PostgreSQL tables, Neo4j graph model, Redis usage
- Infrastructure — Docker services, Dockerfiles, networking, and deployment
- Analyzer Pipeline — How scans are orchestrated and executed
- Analyzer Catalog — Complete reference for all 28+ security analyzers
- Dynamic Analysis — Frida hooks, Drozer modules, and runtime testing
- Frontend Guide — Vue.js architecture, views, components, and state management
- API Reference — All REST API endpoints with request/response details
- Integrations — Burp Suite, SIEM/SOAR, issue trackers, and app stores
- Security Testing Guide — End-to-end workflows for penetration testing
| Feature | Description |
|---|---|
| 28+ Analyzers | Static and dynamic security analyzers covering Android, iOS, and cross-platform frameworks |
| Framework Detection | Automatic detection and specialized analysis for Flutter, React Native, and native apps |
| OWASP Mapping | All findings mapped to MASVS categories and MASTG test cases |
| Dynamic Analysis | Frida-based runtime hooking, Drozer IPC testing, and network traffic interception |
| Attack Paths | Neo4j-powered attack path visualization showing exploitability chains |
| Integrations | Burp Suite, SIEM/SOAR (Splunk, Elastic, Sentinel), Jira, GitHub Issues |
| Multi-Format Export | CSV, JSON, HTML, PDF, SARIF, Burp XML, HAR |
| PoC Evidence | Every finding includes verification commands, code snippets, and Frida scripts |
| Scheduled Scans | Cron-based automated scanning with webhook notifications |
| Corellium Support | Virtual iOS device management for cloud-based dynamic testing |
| Layer | Technology |
|---|---|
| Backend | Python 3.11, FastAPI, SQLAlchemy 2.0, Uvicorn |
| Frontend | Vue 3.5, TypeScript, Pinia, PrimeVue 4, Vite 6 |
| Database | PostgreSQL 15.6, Neo4j 5.26, Redis 7.4 |
| Analysis Tools | Frida 16.x, Drozer 3.x, Objection 1.11, Semgrep 1.50+, Androguard, LIEF |
| Infrastructure | Docker Compose, Nginx, multi-stage builds |
┌─────────────┐ ┌──────────────┐ ┌──────────────────┐
│ Frontend │────▶│ Nginx │────▶│ FastAPI API │
│ Vue 3 SPA │ │ Proxy │ │ (31 routers) │
│ Port 3000 │ │ │ │ Port 8000 │
└─────────────┘ └──────────────┘ └────────┬─────────┘
│
┌──────────────────────────────┼──────────────────┐
│ │ │
┌─────▼─────┐ ┌────────▼────────┐ ┌─────▼─────┐
│ PostgreSQL │ │ Neo4j │ │ Redis │
│ (15.6) │ │ Attack Paths │ │ Caching │
│ 87 tables │ │ Graph DB │ │ Queues │
└────────────┘ └─────────────────┘ └───────────┘
│
┌─────▼──────────┐ ┌─────────────────┐
│ Report │ │ Analyzer │
│ Processor │ │ Containers │
│ (Normalizer) │ │ (Blutter, jadx) │
└────────────────┘ └─────────────────┘
Current release: v0.1.1
License: MIT
Mobilicustos v0.1.1 | GitHub Repository | MIT License
Getting Started
Architecture
Analysis Engine
Interface
Workflows